May 8th, 2006, 07:58 PM
Sounds to me as if a Cracker is attempting to exploit a hole in ebay, this would be the reason why they didnt change the password. Just change the email and throw up a fake auction. If someone was really wanting to steal your account. Why not just "buy now" everything in site? That reminds me, Time to change all my passwords. I saw something resently on my auction I got a question for a thing I was selling and it was spam.
May 8th, 2006, 08:37 PM
As for changing the password, I'd suggest something non-sensical (is that even a word?)
A friend of mine does this: Take a word and shift the letters to the top left or right.
For example, if your password was antionline, it'd become wj69p9j4 with the letters shifting to the upper-right.
Shifting to the upper left would be qh58i8h3.
Misery is not my friend, but I\'ll break before I bend.
May 8th, 2006, 11:49 PM
Yeah, I already use wierd passwords like that.
Let me clarify that -- It was a very short window of time that this all went down. I got the email alert confirming my email address change (which I of course did not authorize), so I logged into eBay (NOT by clicking on any links in the message, mind you) to find my personal settings changed. I was seconds away from contacting eBay when I actually received an email from them stating they discovered my account had been stolen and restored everything. So we're looking at about a five minute window. I knew before eBay notified me, but eBay found out before I had a chance to contact them.
Another thought, you said they restored your settings before you found out, maybe this person DID change the password but ebay changed it back before you found out about it..
Also, I use Firefox...I only use IE for sites that require it (which are fewer and fewer nowadays).
Couldn't have been phished since I never use links in emails. I always log in using a bookmark button in Firefox.
And thanks TH13 for a full, educated explanation there...That's what I was starting to suspect, some auction page that was exploiting a vulnerability. I just hadn't realized they had been that slack on preventing such things.
And Nihil, I rather enjoy being a retard...But I find the risk minimized if you monitor your accounts daily and report any odd activity the minute you see it. Even once my account was stolen, everything was brought under control and restored in mere minutes, so that was refreshing. Nothing's foolproof, but you can at least keep your risks to a reasonable minimum.
July 16th, 2007, 06:17 PM
All of this sounds VERY familiar to me . I get emails from "ebay" and "paypal" about my "accounts" in an email address that has never had either one attached to it. I also get emails from banks I've never had accounts with. All kinds of ebay and email scams, hijackings, etc. have and will abound. As much as you may not want to think about it, is there a possibility that someone close to you might have done this? About three or four years ago, a friend a good friend of mine had her ebay account temporarily hijacked by her son. He had installed a keylogger onto the computer and found passwords.Once he came up with the needed passwords, he changed her ebay information to a new email and paypal account he'd set up. Since he then knew her password for her email address, he just watched for the appropriate emails to come in, then deleted them.
You could also have gotten a keylogger come in on an auction site, or any other site, for that matter, that had one attached. Also, consider rootkits and backdoors. Remember: running just one spyware program on a pc is not enough. Different ones catch different things.
July 17th, 2007, 09:46 AM
From a little bit of research, it seems as if thehorse13 is correct. This seems to be an unreleased exploit which ebay have become aware of. I have searched the usual forums but have found nothing "new" so unless it is an old vulnerability that ebay have still not patched. (Which def could be the case!)